v0.11.0-rc1

Pre-release

@github-actions github-actions released this 08 Oct 14:07
· 0 commits to main since this release

Changelog

  • df9b1c0 Add --in-flight-checksums CLI flag for TOCTOU attack prevention
  • 6e4fd22 Add SLSA environment variable constants and help documentation
  • e84e764 Add SLSA verifier interface and mock implementation
  • bb3f821 Add checksum storage to build context for in-flight checksumming
  • de2c2fe Add comprehensive SLSA verification test suite
  • 120f2f8 Add comprehensive tests for in-flight checksumming security
  • 3f40064 Add end-of-build verification to complete TOCTOU attack protection
  • dfaa291 Add golang.org/x/time dependency for rate limiting
  • d8a6af3 Add slsa-verifier dependency for cache verification
  • 5e46b45 CLC-1361: Ignore ephemeral packages during scanning
  • 682cb2f Clean up go.sum tidiness
  • 7a04144 Extend RemoteConfig with SLSA verification settings
  • 3e46a85 Fix devcontainer configuration drift
  • 1db2eb5 Fix errcheck linting errors in SLSA cache implementation
  • 14152de Fix test initialization to prevent SIGSEGV crashes
  • 12f1210 Hook checksum recording after cache artifact creation
  • 0d104b5 Ignore ephemeral packages during SBOM export
  • 2979648 Implement SLSA CLI flags and configuration integration
  • 3a706eb Implement SLSA verifier for cache artifact verification
  • ae51001 Implement checksum helper functions for in-flight checksumming
  • a09d419 Implement production-ready S3 cache with concurrency safety
  • 3107908 Implement structured result approach for reliable error attribution
  • 9a048c4 Improve S3Cache implementation with code deduplication and better architecture
  • f95417f Make builddir reporting beautiful
  • bfe3f21 Merge pull request #240 from gitpod-io/feature/sbom-parallelism
  • 0680384 Refactor SLSA configuration architecture for better maintainability
  • 234fa22 Update tests to use new SLSA configuration architecture
  • 0a13265 build: add Sigstore dependencies for integrated signing
  • 31a0be1 build: upgrade anchore dependencies to fix mapstructure compatibility
  • 55bbfe5 ci: support pre-releases
  • 97e5eb9 docs(readme): document exportToCache field and SLSA L3 usage
  • 0a6e8b8 feat(build): implement Docker image export to cache
  • 7cc4f73 feat(cli): add --docker-export-to-cache flag with proper precedence
  • b892734 feat(config): add exportToCache field to DockerPkgConfig
  • 3facf99 feat(slsa): implement SLSA L3 auto-enablement with precedence hierarchy
  • 5f09a0d feat: add configurable SBOM parallelism with CPU core default
  • 629078c feat: add environment variable support for in-flight checksumming
  • aa92849 feat: add sign-cache plumbing command for CI/CD integration
  • 7e31b0f feat: implement complete parallel downloads and throughput benchmarks
  • a02950f feat: implement integrated SLSA signing architecture
  • 0eb3851 fix: ensure benchmarks use realistic mocks for accurate performance measurement
  • 322bb54 fix: replace placeholder Sigstore implementation with production API
  • 12acac3 perf: implement realistic mock for meaningful performance benchmarks
  • e23cbad refactor: remove build log and default to CPU cores when parallelism is 0
  • 3265c9b refactor: simplify sign-cache command interface
  • 87d9fb5 test(build): add comprehensive tests for export functionality
  • a9124b3 test(integration): Add integration tests for Docker export to cache